Filtering out the noise
with VMRay

Discover VMRay’s revolutionary IOC identification by filtering out the noise to provide meaningful and actionable IOCs.

In the previous section, we explored the challenges of differentiating IOCs from the sea of artifacts. Now, let’s dive into how VMRay’s innovative approach streamlines this process and empowers cybersecurity professionals with rapid, reliable IOC identification.

The Power of VMRay Platform:
Complete yet noise-free analysis

Searching for meaningful IOCs amidst a deluge of artifacts can be a daunting task for malware analysts. However, VMRay’s cutting-edge solution offers a significant advantage. It simplifies and accelerates the process, allowing DFIR (Digital Forensics and Incident Response) and SOC (Security Operations Center) teams to allocate their precious time more efficiently to incident response activities.

Meet VMRay Threat Identifiers (VTI)

VMRay employs a unique feature known as the VMRay Threat Identifier (VTI) system. This system is the linchpin of VMRay’s IOC identification capabilities. It acts as a virtual filter, singling out artifacts that exhibit unusual behavior. 

When a single artifact displays behavior indicative of an IOC, the analyzer promptly designates it as malicious. In cases where an artifact, while not inherently malicious, contributes to malicious activities when combined with other artifacts, VMRay classifies it as an IOC with an unknown or suspicious severity.

Defining the IOCs within the Artifacts

The ingenious aspect of VMRay’s approach is the seamless integration of IOCs within artifacts. Each artifact receives a distinct “IOC” flag, marking its potential significance in the threat landscape.

This distinction makes IOC identification more precise and responsive: IOCs are now defined as a subset of the artifacts, selected by the “IOC” flag attached to each artifact, rather than as a separate list that has to be reconciled with the artifact inventory.

VMRay Platform automatically filters out the irrelevant artifacts and provides clear and actionable IOCs
Automated IOC Scoring and Flagging

Furthermore, VMRay’s VTIs play a pivotal role in assessing the maliciousness of IOCs. These threat identifiers provide an automated scoring mechanism, equipping security teams with a reliable gauge to determine the threat level of an IOC. 

This automated scoring and flagging system empowers security professionals to extract actionable threat intelligence effortlessly from dynamic malware analyses.
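The flagging and scoring described above, as an added illustration that is not VMRay’s code, report format or VTI rule set: a constructed analysis run yields a mix of operating-system noise and a few indicators; hypothetical single-artifact identifiers mark an artifact malicious on its own, and one hypothetical combination identifier marks artifacts that only matter alongside a malicious one (the network destination and mutex of an already-flagged process) as suspicious. The IOC list is then nothing more than the flagged subset, ordered by severity.

```python
from dataclasses import dataclass, field


@dataclass
class Artifact:
    """One artifact from a sandbox run. Field names and categories are
    assumptions for this example, not VMRay's report schema."""
    kind: str            # constructed categories: "file", "registry", "domain", "mutex"
    value: str
    process: str         # sandboxed process that produced the artifact
    ioc: bool = False    # the "IOC" flag: artifact is part of the IOC subset
    severity: str = "none"                      # "none" < "suspicious" < "malicious"
    hits: list = field(default_factory=list)    # identifiers that fired on it


SEVERITY_RANK = {"none": 0, "suspicious": 1, "malicious": 2}

# Hypothetical single-artifact identifiers: the artifact alone shows
# behaviour indicative of an IOC, so it is flagged malicious outright.
SINGLE_RULES = {
    "persist_startup_folder": lambda a: a.kind == "file"
        and "\\start menu\\programs\\startup\\" in a.value.lower(),
    "persist_run_key": lambda a: a.kind == "registry"
        and "\\currentversion\\run\\" in a.value.lower(),
}


def _flag(a, level, rule):
    """Set the IOC flag and raise (never lower) the artifact's severity."""
    a.ioc = True
    a.hits.append(rule)
    if SEVERITY_RANK[level] > SEVERITY_RANK[a.severity]:
        a.severity = level


def flag_iocs(artifacts):
    """Return the IOC subset of the artifacts, highest severity first."""
    for a in artifacts:
        for name, pred in SINGLE_RULES.items():
            if pred(a):
                _flag(a, "malicious", name)
    # Hypothetical combination identifier: network destinations and mutexes
    # are not malicious by themselves, but when produced by a process that
    # already triggered a single-artifact rule they contribute to the
    # malicious activity and are flagged with suspicious severity.
    tainted = {a.process for a in artifacts if a.severity == "malicious"}
    for a in artifacts:
        if a.kind in ("domain", "mutex") and a.process in tainted:
            _flag(a, "suspicious", "linked_to_malicious_process")
    return sorted((a for a in artifacts if a.ioc),
                  key=lambda a: -SEVERITY_RANK[a.severity])


def sample_artifacts():
    """Constructed analysis output: benign OS noise plus a few indicators."""
    return [
        Artifact("file", r"C:\Windows\System32\kernel32.dll", "sample.exe"),
        Artifact("registry", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders", "sample.exe"),
        Artifact("domain", "ctldl.windowsupdate.com", "svchost.exe"),
        Artifact("mutex", r"Local\MSCTF.Asm.MutexDefault1", "explorer.exe"),
        Artifact("file", r"C:\Users\u\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\upd.exe", "sample.exe"),
        Artifact("registry", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\upd", "sample.exe"),
        Artifact("domain", "c2.example.invalid", "sample.exe"),          # constructed value
        Artifact("mutex", r"Global\constructed-mutex-1", "sample.exe"),  # constructed value
    ]


if __name__ == "__main__":
    everything = sample_artifacts()
    iocs = flag_iocs(everything)
    print(f"{len(everything)} artifacts -> {len(iocs)} IOCs")
    for a in iocs:
        print(f"{a.severity:10} {a.kind:8} {a.value}  ({', '.join(a.hits)})")
```

Running it turns eight artifacts into four IOCs: the two persistence artifacts come out malicious, the domain and mutex of the same process come out suspicious, and the loaded system DLL, the benign registry read and the unrelated processes’ activity are left out of the IOC view while still remaining in the artifact inventory.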

The critical role of accurate IOC identification

Effective incident response hinges on the accuracy of IOC identification. Whether dealing with spyware, remote access trojans (RATs), or bots, pinpointing IOCs with precision is paramount. VMRay’s robust solution offers a crucial edge, helping security teams respond effectively to evolving malware threats.

In the next chapter, we will share a practical example, taken from the analysis of a RAT (Remote Access Trojan), to showcase how VMRay weeds out irrelevant artifacts and turns complexity into clarity.

IOCs vs Artifacts: How to filter out the noise

Chapter 3: 
Analysis of a Remcos RAT: Turning complexity into clarity
